Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
25 vulnerabilities by Panasonic Corporation
JVNDB-2025-004863
Vulnerability from jvndb - Published: 2025-05-14 11:30 - Updated:2025-05-14 11:30Summary
Panasonic IR Control Hub vulnerable to Unauthorised firmware loading
Details
IR Control Hub provided by Panasonic contains a vulnerability that may lead to loading of unauthorized firmware.
IR Control Hub provided by Panasonic verifies the hash value of the loading firmware when booting, but it keeps booting with the firmware even when it detects that the hash value does not match the expected value (CWE-354).
Moreover, the product has a UART interface on the board and it is configured active (CWE-1299).
When connected directly to this UART interface, the device can be controlled through this interface (CVE-2025-1073).
Shravan Singh reported this vulnerability to the developer and coordinated. After the coordination was completed, Shravan Singh and the develpper reported the case to JPCERT/CC to notify users of the solution through JVN.
References
| Type | URL | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-004863.html",
"dc:date": "2025-05-14T11:30+09:00",
"dcterms:issued": "2025-05-14T11:30+09:00",
"dcterms:modified": "2025-05-14T11:30+09:00",
"description": "IR Control Hub provided by Panasonic contains a vulnerability that may lead to loading of unauthorized firmware.\r\n\r\nIR Control Hub provided by Panasonic verifies the hash value of the loading firmware when booting, but it keeps booting with the firmware even when it detects that the hash value does not match the expected value (CWE-354).\r\nMoreover, the product has a UART interface on the board and it is configured active (CWE-1299).\r\nWhen connected directly to this UART interface, the device can be controlled through this interface (CVE-2025-1073).\r\n\r\nShravan Singh reported this vulnerability to the developer and coordinated. After the coordination was completed, Shravan Singh and the develpper reported the case to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-004863.html",
"sec:cpe": {
"#text": "cpe:/o:panasonic:ir_control_hub",
"@product": "IR Control Hub",
"@vendor": "Panasonic Corporation",
"@version": "2.2"
},
"sec:identifier": "JVNDB-2025-004863",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU94857368/index.html",
"@id": "JVNVU#94857368",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-1073",
"@id": "CVE-2025-1073",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1299.html",
"@id": "CWE-1299",
"@title": "Missing Protection Mechanism for Alternate Hardware Interface(CWE-1299)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/354.html",
"@id": "CWE-354",
"@title": "Improper Validation of Integrity Check Value(CWE-354)"
}
],
"title": "Panasonic IR Control Hub vulnerable to Unauthorised firmware loading"
}
JVNDB-2024-007002
Vulnerability from jvndb - Published: 2024-09-02 14:57 - Updated:2024-09-02 14:57
Severity
Summary
Panasonic Control FPWIN Pro7 vulnerable to stack-based buffer overflow
Details
Control FPWIN Pro7 provided by Panasonic contains a stack-based buffer overflow vulnerability (CWE-121, CVE-2024-7013).
Michael Heinzl reported this vulnerability to the developer and coordinated. After the coordination was completed, Panasonic reported the case to JPCERT/CC to notify users of the solutions through JVN.
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-007002.html",
"dc:date": "2024-09-02T14:57+09:00",
"dcterms:issued": "2024-09-02T14:57+09:00",
"dcterms:modified": "2024-09-02T14:57+09:00",
"description": "Control FPWIN Pro7 provided by Panasonic contains a stack-based buffer overflow vulnerability (CWE-121, CVE-2024-7013).\r\n\r\nMichael Heinzl reported this vulnerability to the developer and coordinated. After the coordination was completed, Panasonic reported the case to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-007002.html",
"sec:cpe": {
"#text": "cpe:/a:panasonic:fpwin_pro",
"@product": "FPWIN Pro",
"@vendor": "Panasonic Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-007002",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU99905584/index.html",
"@id": "JVNVU#99905584",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-7013",
"@id": "CVE-2024-7013",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/121.html",
"@id": "CWE-121",
"@title": "Stack-based Buffer Overflow(CWE-121)"
}
],
"title": "Panasonic Control FPWIN Pro7 vulnerable to stack-based buffer overflow"
}
JVNDB-2024-003188
Vulnerability from jvndb - Published: 2024-05-17 15:46 - Updated:2024-05-17 15:46
Severity
Summary
Panasonic KW Watcher vulnerable to memory buffer error
Details
KW Watcher provided by Panasonic contains a vulnerability due to improper restriction of operations within the bounds of a memory buffer (CWE-119, CVE-2024-4162).
Michael Heinzl reported this vulnerability to Panasonic and coordinated.
After the coordination was completed, Panasonic reported the case to JPCERT/CC to notify users of the solutions through JVN.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003188.html",
"dc:date": "2024-05-17T15:46+09:00",
"dcterms:issued": "2024-05-17T15:46+09:00",
"dcterms:modified": "2024-05-17T15:46+09:00",
"description": "KW Watcher provided by Panasonic contains a vulnerability due to improper restriction of operations within the bounds of a memory buffer (CWE-119, CVE-2024-4162).\r\n\r\nMichael Heinzl reported this vulnerability to Panasonic and coordinated.\r\nAfter the coordination was completed, Panasonic reported the case to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003188.html",
"sec:cpe": {
"#text": "cpe:/a:panasonic:kw_watcher",
"@product": "KW Watcher",
"@vendor": "Panasonic Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-003188",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU95120091/index.html",
"@id": "JVNVU#95120091",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-4162",
"@id": "CVE-2024-4162",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Panasonic KW Watcher vulnerable to memory buffer error"
}
JVNDB-2024-001001
Vulnerability from jvndb - Published: 2024-01-10 13:46 - Updated:2024-01-10 13:46
Severity
Summary
Multiple vulnerabilities in Panasonic Control FPWIN Pro7
Details
Control FPWIN Pro7 provided by Panasonic contains multiple vulnerabilities listed below.
* Stack-based Buffer Overflow (CWE-121) - CVE-2023-6314
* Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) - CVE-2023-6315
Michael Heinzl reported these vulnerabilities to the developer and coordinated. After the coordination was completed, Panasonic reported the case to JPCERT/CC to notify users of the solutions through JVN.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-001001.html",
"dc:date": "2024-01-10T13:46+09:00",
"dcterms:issued": "2024-01-10T13:46+09:00",
"dcterms:modified": "2024-01-10T13:46+09:00",
"description": "Control FPWIN Pro7 provided by Panasonic contains multiple vulnerabilities listed below.\r\n\r\n* Stack-based Buffer Overflow (CWE-121) - CVE-2023-6314\r\n* Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) - CVE-2023-6315\r\n\r\nMichael Heinzl reported these vulnerabilities to the developer and coordinated. After the coordination was completed, Panasonic reported the case to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-001001.html",
"sec:cpe": {
"#text": "cpe:/a:panasonic:fpwin_pro",
"@product": "FPWIN Pro",
"@vendor": "Panasonic Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-001001",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU92102247/index.html",
"@id": "JVNVU#92102247",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-6314",
"@id": "CVE-2023-6314",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-6315",
"@id": "CVE-2023-6315",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-6314",
"@id": "CVE-2023-6314",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-6315",
"@id": "CVE-2023-6315",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/121.html",
"@id": "CWE-121",
"@title": "Stack-based Buffer Overflow(CWE-121)"
}
],
"title": "Multiple vulnerabilities in Panasonic Control FPWIN Pro7"
}
JVNDB-2023-003764
Vulnerability from jvndb - Published: 2023-09-27 14:44 - Updated:2023-09-27 14:44
Severity
Summary
Multiple vulnerabilities in Panasonic KW Watcher
Details
KW Watcher provided by Panasonic contains multiple vulnerabilities listed below.
* Improper restriction of operations within the bounds of a memory buffer (CWE-119) - CVE-2023-3471
* Use after free (CWE-416) - CVE-2023-3472
Michael Heinzl reported these vulnerabilities to Panasonic and coordinated.
After the coordination was completed, Panasonic reported the case to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003764.html",
"dc:date": "2023-09-27T14:44+09:00",
"dcterms:issued": "2023-09-27T14:44+09:00",
"dcterms:modified": "2023-09-27T14:44+09:00",
"description": "KW Watcher provided by Panasonic contains multiple vulnerabilities listed below.\r\n\r\n * Improper restriction of operations within the bounds of a memory buffer (CWE-119) - CVE-2023-3471\r\n\r\n * Use after free (CWE-416) - CVE-2023-3472\r\n\r\nMichael Heinzl reported these vulnerabilities to Panasonic and coordinated.\r\nAfter the coordination was completed, Panasonic reported the case to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003764.html",
"sec:cpe": {
"#text": "cpe:/a:panasonic:kw_watcher",
"@product": "KW Watcher",
"@vendor": "Panasonic Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "8.6",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-003764",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU95549489/index.html",
"@id": "JVNVU#95549489",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-3471",
"@id": "CVE-2023-3471",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-3472",
"@id": "CVE-2023-3472",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-3471",
"@id": "CVE-2023-3471",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-3472",
"@id": "CVE-2023-3472",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/416.html",
"@id": "CWE-416",
"@title": "Use After Free(CWE-416)"
}
],
"title": "Multiple vulnerabilities in Panasonic KW Watcher"
}
JVNDB-2023-002906
Vulnerability from jvndb - Published: 2023-08-22 18:02 - Updated:2024-04-18 17:31
Severity
Summary
Multiple vulnerabilities in Panasonic Control FPWIN Pro7
Details
Control FPWIN Pro7 provided by Panasonic contains multiple vulnerabilities listed below.
* Stack-based Buffer Overflow (CWE-121) - CVE-2023-28728
* Access of Resource Using Incompatible Type (CWE-843) - CVE-2023-28729
* Improper Restriction of Operations within the Bounds of a Memory Buffer
Michael Heinzl first contacted JPCERT/CC, and JPCERT/CC advised him to contact Panasonic directly. Afterwards, he reported these vulnerabilities to Panasonic and coordinated with them. Panasonic and JPCERT/CC published respective advisories in order to notify users of these vulnerabilities.
References
| Type | URL | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002906.html",
"dc:date": "2024-04-18T17:31+09:00",
"dcterms:issued": "2023-08-22T18:02+09:00",
"dcterms:modified": "2024-04-18T17:31+09:00",
"description": "Control FPWIN Pro7 provided by Panasonic contains multiple vulnerabilities listed below.\r\n\r\n * Stack-based Buffer Overflow (CWE-121) - CVE-2023-28728\r\n * Access of Resource Using Incompatible Type (CWE-843) - CVE-2023-28729\r\n * Improper Restriction of Operations within the Bounds of a Memory Buffer\r\n\r\nMichael Heinzl first contacted JPCERT/CC, and JPCERT/CC advised him to contact Panasonic directly. Afterwards, he reported these vulnerabilities to Panasonic and coordinated with them. Panasonic and JPCERT/CC published respective advisories in order to notify users of these vulnerabilities.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002906.html",
"sec:cpe": {
"#text": "cpe:/a:panasonic:fpwin_pro",
"@product": "FPWIN Pro",
"@vendor": "Panasonic Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-002906",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU96622721/index.html",
"@id": "JVNVU#96622721",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-28728",
"@id": "CVE-2023-28728",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-28729",
"@id": "CVE-2023-28729",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-28730",
"@id": "CVE-2023-28730",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-28730",
"@id": "CVE-2023-28730",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-28728",
"@id": "CVE-2023-28728",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-28729",
"@id": "CVE-2023-28729",
"@source": "NVD"
},
{
"#text": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-03",
"@id": "ICSA-23-192-03",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/121.html",
"@id": "CWE-121",
"@title": "Stack-based Buffer Overflow(CWE-121)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/843.html",
"@id": "CWE-843",
"@title": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)(CWE-843)"
}
],
"title": "Multiple vulnerabilities in Panasonic Control FPWIN Pro7"
}
JVNDB-2023-000063
Vulnerability from jvndb - Published: 2023-06-16 14:05 - Updated:2023-06-16 14:05
Severity
Summary
Multiple vulnerabilities in Panasonic AiSEG2
Details
Panasonic AiSEG2 contains multiple vulnerabilities listed below.
* OS Command Injection (CWE-78) - CVE-2023-28726
* Improper Authentication (CWE-287) - CVE-2023-28727
Taku Toyama of NEC Corporation reported CVE-2023-28726 and CVE-2023-28727 vulnerabilities to Panasonic and coordinated. Panasonic and JPCERT/CC published respective advisories in order to notify users of the vulnerabilities.
Yota Egusa of SAKURA internet Inc. reported CVE-2023-28727 vulnerability to IPA. JPCERT/CC coordinated with Panasonic under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000063.html",
"dc:date": "2023-06-16T14:05+09:00",
"dcterms:issued": "2023-06-16T14:05+09:00",
"dcterms:modified": "2023-06-16T14:05+09:00",
"description": "Panasonic AiSEG2 contains multiple vulnerabilities listed below.\r\n\r\n * OS Command Injection (CWE-78) - CVE-2023-28726\r\n * Improper Authentication (CWE-287) - CVE-2023-28727\r\n\r\nTaku Toyama of NEC Corporation reported CVE-2023-28726 and CVE-2023-28727 vulnerabilities to Panasonic and coordinated. Panasonic and JPCERT/CC published respective advisories in order to notify users of the vulnerabilities.\r\n\r\nYota Egusa of SAKURA internet Inc. reported CVE-2023-28727 vulnerability to IPA. JPCERT/CC coordinated with Panasonic under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000063.html",
"sec:cpe": {
"#text": "cpe:/o:panasonic:aiseg2_firmware",
"@product": "AiSEG2 firmware",
"@vendor": "Panasonic Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.1",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000063",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN19748237/index.html",
"@id": "JVN#19748237",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-28726",
"@id": "CVE-2023-28726",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-28727",
"@id": "CVE-2023-28727",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-28726",
"@id": "CVE-2023-28726",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-28727",
"@id": "CVE-2023-28727",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple vulnerabilities in Panasonic AiSEG2"
}
JVNDB-2021-000011
Vulnerability from jvndb - Published: 2021-02-04 15:39 - Updated:2021-02-04 15:39
Severity
Summary
Panasonic Video Insight VMS vulnerable to arbitrary code execution
Details
Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability (CWE-94) because unencrypted communication exists in the communication using non-well known ports.
Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000011.html",
"dc:date": "2021-02-04T15:39+09:00",
"dcterms:issued": "2021-02-04T15:39+09:00",
"dcterms:modified": "2021-02-04T15:39+09:00",
"description": "Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability (CWE-94) because unencrypted communication exists in the communication using non-well known ports.\r\n\r\nPanasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000011.html",
"sec:cpe": {
"#text": "cpe:/a:panasonic:video_insight_vms",
"@product": "Video Insight VMS",
"@vendor": "Panasonic Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000011",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN42252698/index.html",
"@id": "JVN#42252698",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20623",
"@id": "CVE-2021-20623",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20623",
"@id": "CVE-2021-20623",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
}
],
"title": "Panasonic Video Insight VMS vulnerable to arbitrary code execution"
}
JVNDB-2020-000032
Vulnerability from jvndb - Published: 2020-05-19 16:04 - Updated:2020-06-26 12:19
Severity
Summary
Panasonic Video Insight VMS vulnerable to arbitrary code execution
Details
Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability (CWE-94).
Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000032.html",
"dc:date": "2020-06-26T12:19+09:00",
"dcterms:issued": "2020-05-19T16:04+09:00",
"dcterms:modified": "2020-06-26T12:19+09:00",
"description": "Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability (CWE-94).\r\n\r\nPanasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000032.html",
"sec:cpe": {
"#text": "cpe:/a:panasonic:video_insight_vms",
"@product": "Video Insight VMS",
"@vendor": "Panasonic Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000032",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN96646182/index.html",
"@id": "JVN#96646182",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5997",
"@id": "CVE-2019-5997",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5997",
"@id": "CVE-2019-5997",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
}
],
"title": "Panasonic Video Insight VMS vulnerable to arbitrary code execution"
}
JVNDB-2019-000056
Vulnerability from jvndb - Published: 2019-09-02 13:57 - Updated:2020-06-26 12:27
Severity
Summary
Panasonic Video Insight VMS vulnerable to SQL injection
Details
Video Insight VMS provided by Panasonic Corporation is a video management suite for video security system. Vide Insight VMS contains a SQL injection vulnerability (CWE-89).
Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000056.html",
"dc:date": "2020-06-26T12:27+09:00",
"dcterms:issued": "2019-09-02T13:57+09:00",
"dcterms:modified": "2020-06-26T12:27+09:00",
"description": "Video Insight VMS provided by Panasonic Corporation is a video management suite for video security system. Vide Insight VMS contains a SQL injection vulnerability (CWE-89).\r\n\r\nPanasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000056.html",
"sec:cpe": {
"#text": "cpe:/a:panasonic:video_insight_vms",
"@product": "Video Insight VMS",
"@vendor": "Panasonic Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000056",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN93833849/index.html",
"@id": "JVN#93833849",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5996",
"@id": "CVE-2019-5996",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5996",
"@id": "CVE-2019-5996",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Panasonic Video Insight VMS vulnerable to SQL injection"
}
JVNDB-2018-000122
Vulnerability from jvndb - Published: 2019-06-28 18:28 - Updated:2019-08-27 17:46
Severity
Summary
Multiple vulnerabilities in Panasonic BN-SDWBP3
Details
BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below.
* Improper Authentication (CWE-287) - CVE-2018-0676
* OS Command Injection(CWE-78) - CVE-2018-0677
* Buffer Overflow (CWE-119) - CVE-2018-0678
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000122.html",
"dc:date": "2019-08-27T17:46+09:00",
"dcterms:issued": "2019-06-28T18:28+09:00",
"dcterms:modified": "2019-08-27T17:46+09:00",
"description": "BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below.\r\n * Improper Authentication (CWE-287) - CVE-2018-0676\r\n * OS Command Injection(CWE-78) - CVE-2018-0677\r\n * Buffer Overflow (CWE-119) - CVE-2018-0678\r\n\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000122.html",
"sec:cpe": {
"#text": "cpe:/o:panasonic:bn-sdwbp3_firmware",
"@product": "BN-SDWBP3 firmware",
"@vendor": "Panasonic Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000122",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN65082538/index.html",
"@id": "JVN#65082538",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0676",
"@id": "CVE-2018-0676",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0677",
"@id": "CVE-2018-0677",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0678",
"@id": "CVE-2018-0678",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0676",
"@id": "CVE-2018-0676",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0677",
"@id": "CVE-2018-0677",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0678",
"@id": "CVE-2018-0678",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple vulnerabilities in Panasonic BN-SDWBP3"
}
JVNDB-2018-000123
Vulnerability from jvndb - Published: 2018-11-29 14:45 - Updated:2019-09-27 10:31
Severity
Summary
Panasonic applications register unquoted service paths
Details
Some pre-installed applications on Panasonic PCs register Windows services with unquoted file paths (CWE-428).
Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000123.html",
"dc:date": "2019-09-27T10:31+09:00",
"dcterms:issued": "2018-11-29T14:45+09:00",
"dcterms:modified": "2019-09-27T10:31+09:00",
"description": "Some pre-installed applications on Panasonic PCs register Windows services with unquoted file paths (CWE-428).\r\n\r\nPanasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000123.html",
"sec:cpe": {
"#text": "cpe:/a:panasonic:multiple_computers",
"@product": "Multiple Computers",
"@vendor": "Panasonic Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.4",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000123",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN36895151/index.html",
"@id": "JVN#36895151",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16183",
"@id": "CVE-2018-16183",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16183",
"@id": "CVE-2018-16183",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Panasonic applications register unquoted service paths"
}
JVNDB-2017-000229
Vulnerability from jvndb - Published: 2017-10-17 17:22 - Updated:2018-03-07 14:24
Severity
Summary
Home unit KX-HJB1000 contains multiple vulnerabilities
Details
Home unit KX-HJB1000 provided by Panasonic Corporation is a control system for home network. Home unit KX-HJB1000 contains multiple vulnerabilities listed below.
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000229.html",
"dc:date": "2018-03-07T14:24+09:00",
"dcterms:issued": "2017-10-17T17:22+09:00",
"dcterms:modified": "2018-03-07T14:24+09:00",
"description": "Home unit KX-HJB1000 provided by Panasonic Corporation is a control system for home network. Home unit KX-HJB1000 contains multiple vulnerabilities listed below.\r\n\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000229.html",
"sec:cpe": {
"#text": "cpe:/o:panasonic:kx-hjb1000_firmware",
"@product": "Home unit KX-HJB1000 firmware",
"@vendor": "Panasonic Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000229",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN54795166/index.html",
"@id": "JVN#54795166",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2131",
"@id": "CVE-2017-2131",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2132",
"@id": "CVE-2017-2132",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2133",
"@id": "CVE-2017-2133",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2131",
"@id": "CVE-2017-2131",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2132",
"@id": "CVE-2017-2132",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2133",
"@id": "CVE-2017-2133",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Home unit KX-HJB1000 contains multiple vulnerabilities"
}
CVE-2021-20623 (GCVE-0-2021-20623)
Vulnerability from cvelistv5 – Published: 2021-02-05 09:35 – Updated: 2024-08-03 17:45
VLAI
Summary
Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.
Severity
No CVSS data available.
CWE
- Remote code execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://downloadvi.com/downloads/IPServer/v7.8/780… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN42252698/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic Corporation | Video Insight VMS |
Affected:
versions prior to 7.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloadvi.com/downloads/IPServer/v7.8/780182/v780182RN.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN42252698/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Video Insight VMS",
"vendor": "Panasonic Corporation",
"versions": [
{
"status": "affected",
"version": "versions prior to 7.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-05T09:35:22.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloadvi.com/downloads/IPServer/v7.8/780182/v780182RN.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN42252698/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Video Insight VMS",
"version": {
"version_data": [
{
"version_value": "versions prior to 7.8"
}
]
}
}
]
},
"vendor_name": "Panasonic Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloadvi.com/downloads/IPServer/v7.8/780182/v780182RN.pdf",
"refsource": "MISC",
"url": "http://downloadvi.com/downloads/IPServer/v7.8/780182/v780182RN.pdf"
},
{
"name": "https://jvn.jp/en/jp/JVN42252698/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN42252698/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20623",
"datePublished": "2021-02-05T09:35:23.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:44.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5997 (GCVE-0-2019-5997)
Vulnerability from cvelistv5 – Published: 2020-05-20 10:15 – Updated: 2024-08-04 20:09
VLAI
Summary
Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors.
Severity
No CVSS data available.
CWE
- Code injection
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic Corporation | Video Insight VMS |
Affected:
prior to 7.6.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://downloadvi.com/downloads/IPServer/v7.6/76148/v76148RN.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN96646182/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Video Insight VMS",
"vendor": "Panasonic Corporation",
"versions": [
{
"status": "affected",
"version": "prior to 7.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T02:57:55.842Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "http://downloadvi.com/downloads/IPServer/v7.6/76148/v76148RN.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN96646182/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5997",
"datePublished": "2020-05-20T10:15:21.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:24.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0677 (GCVE-0-2018-0677)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI
Summary
BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN65082538/index.html | third-party-advisoryx_refsource_JVN |
| https://p3.support.panasonic.com/faq/show/5017?&s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic Corporation | BN-SDWBP3 |
Affected:
firmware version 1.0.9 and earlier
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#65082538",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BN-SDWBP3",
"vendor": "Panasonic Corporation",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.9 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#65082538",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BN-SDWBP3",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.9 and earlier"
}
]
}
}
]
},
"vendor_name": "Panasonic Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#65082538",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"name": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3",
"refsource": "MISC",
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0677",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:48.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16183 (GCVE-0-2018-16183)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.
Severity
No CVSS data available.
CWE
- Unquoted Search Path or Element
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN36895151/index.html | third-party-advisoryx_refsource_JVN |
| https://pc-dl.panasonic.co.jp/dl/docs/077770 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic Corporation | Some pre-installed applications on Panasonic PC |
Affected:
run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#36895151",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN36895151/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pc-dl.panasonic.co.jp/dl/docs/077770"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Some pre-installed applications on Panasonic PC",
"vendor": "Panasonic Corporation",
"versions": [
{
"status": "affected",
"version": "run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#36895151",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN36895151/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pc-dl.panasonic.co.jp/dl/docs/077770"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Some pre-installed applications on Panasonic PC",
"version": {
"version_data": [
{
"version_value": "run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009"
}
]
}
}
]
},
"vendor_name": "Panasonic Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#36895151",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN36895151/index.html"
},
{
"name": "https://pc-dl.panasonic.co.jp/dl/docs/077770",
"refsource": "MISC",
"url": "https://pc-dl.panasonic.co.jp/dl/docs/077770"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16183",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0676 (GCVE-0-2018-0676)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI
Summary
BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors.
Severity
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN65082538/index.html | third-party-advisoryx_refsource_JVN |
| https://p3.support.panasonic.com/faq/show/5017?&s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic Corporation | BN-SDWBP3 |
Affected:
firmware version 1.0.9 and earlier
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#65082538",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BN-SDWBP3",
"vendor": "Panasonic Corporation",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.9 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#65082538",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BN-SDWBP3",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.9 and earlier"
}
]
}
}
]
},
"vendor_name": "Panasonic Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#65082538",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"name": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3",
"refsource": "MISC",
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0676",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:48.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0678 (GCVE-0-2018-0678)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI
Summary
Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN65082538/index.html | third-party-advisoryx_refsource_JVN |
| https://p3.support.panasonic.com/faq/show/5017?&s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic Corporation | BN-SDWBP3 |
Affected:
firmware version 1.0.9 and earlier
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#65082538",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BN-SDWBP3",
"vendor": "Panasonic Corporation",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.9 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#65082538",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BN-SDWBP3",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.9 and earlier"
}
]
}
}
]
},
"vendor_name": "Panasonic Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#65082538",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"name": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3",
"refsource": "MISC",
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0678",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:49.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20623 (GCVE-0-2021-20623)
Vulnerability from nvd – Published: 2021-02-05 09:35 – Updated: 2024-08-03 17:45
VLAI
Summary
Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.
Severity
No CVSS data available.
CWE
- Remote code execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://downloadvi.com/downloads/IPServer/v7.8/780… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN42252698/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic Corporation | Video Insight VMS |
Affected:
versions prior to 7.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloadvi.com/downloads/IPServer/v7.8/780182/v780182RN.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN42252698/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Video Insight VMS",
"vendor": "Panasonic Corporation",
"versions": [
{
"status": "affected",
"version": "versions prior to 7.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-05T09:35:22.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloadvi.com/downloads/IPServer/v7.8/780182/v780182RN.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN42252698/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Video Insight VMS",
"version": {
"version_data": [
{
"version_value": "versions prior to 7.8"
}
]
}
}
]
},
"vendor_name": "Panasonic Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloadvi.com/downloads/IPServer/v7.8/780182/v780182RN.pdf",
"refsource": "MISC",
"url": "http://downloadvi.com/downloads/IPServer/v7.8/780182/v780182RN.pdf"
},
{
"name": "https://jvn.jp/en/jp/JVN42252698/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN42252698/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20623",
"datePublished": "2021-02-05T09:35:23.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:44.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5997 (GCVE-0-2019-5997)
Vulnerability from nvd – Published: 2020-05-20 10:15 – Updated: 2024-08-04 20:09
VLAI
Summary
Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors.
Severity
No CVSS data available.
CWE
- Code injection
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic Corporation | Video Insight VMS |
Affected:
prior to 7.6.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://downloadvi.com/downloads/IPServer/v7.6/76148/v76148RN.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN96646182/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Video Insight VMS",
"vendor": "Panasonic Corporation",
"versions": [
{
"status": "affected",
"version": "prior to 7.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T02:57:55.842Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "http://downloadvi.com/downloads/IPServer/v7.6/76148/v76148RN.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN96646182/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5997",
"datePublished": "2020-05-20T10:15:21.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:24.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0677 (GCVE-0-2018-0677)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI
Summary
BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN65082538/index.html | third-party-advisoryx_refsource_JVN |
| https://p3.support.panasonic.com/faq/show/5017?&s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic Corporation | BN-SDWBP3 |
Affected:
firmware version 1.0.9 and earlier
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#65082538",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BN-SDWBP3",
"vendor": "Panasonic Corporation",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.9 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#65082538",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BN-SDWBP3",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.9 and earlier"
}
]
}
}
]
},
"vendor_name": "Panasonic Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#65082538",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"name": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3",
"refsource": "MISC",
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0677",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:48.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16183 (GCVE-0-2018-16183)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.
Severity
No CVSS data available.
CWE
- Unquoted Search Path or Element
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN36895151/index.html | third-party-advisoryx_refsource_JVN |
| https://pc-dl.panasonic.co.jp/dl/docs/077770 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic Corporation | Some pre-installed applications on Panasonic PC |
Affected:
run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#36895151",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN36895151/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pc-dl.panasonic.co.jp/dl/docs/077770"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Some pre-installed applications on Panasonic PC",
"vendor": "Panasonic Corporation",
"versions": [
{
"status": "affected",
"version": "run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#36895151",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN36895151/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pc-dl.panasonic.co.jp/dl/docs/077770"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Some pre-installed applications on Panasonic PC",
"version": {
"version_data": [
{
"version_value": "run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009"
}
]
}
}
]
},
"vendor_name": "Panasonic Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#36895151",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN36895151/index.html"
},
{
"name": "https://pc-dl.panasonic.co.jp/dl/docs/077770",
"refsource": "MISC",
"url": "https://pc-dl.panasonic.co.jp/dl/docs/077770"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16183",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0676 (GCVE-0-2018-0676)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI
Summary
BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors.
Severity
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN65082538/index.html | third-party-advisoryx_refsource_JVN |
| https://p3.support.panasonic.com/faq/show/5017?&s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic Corporation | BN-SDWBP3 |
Affected:
firmware version 1.0.9 and earlier
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#65082538",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BN-SDWBP3",
"vendor": "Panasonic Corporation",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.9 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#65082538",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BN-SDWBP3",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.9 and earlier"
}
]
}
}
]
},
"vendor_name": "Panasonic Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#65082538",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"name": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3",
"refsource": "MISC",
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0676",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:48.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0678 (GCVE-0-2018-0678)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI
Summary
Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN65082538/index.html | third-party-advisoryx_refsource_JVN |
| https://p3.support.panasonic.com/faq/show/5017?&s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Panasonic Corporation | BN-SDWBP3 |
Affected:
firmware version 1.0.9 and earlier
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#65082538",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BN-SDWBP3",
"vendor": "Panasonic Corporation",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.9 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#65082538",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BN-SDWBP3",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.9 and earlier"
}
]
}
}
]
},
"vendor_name": "Panasonic Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#65082538",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN65082538/index.html"
},
{
"name": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3",
"refsource": "MISC",
"url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0678",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:49.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}